Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1537

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-1537
Last Modified 05 Sep 2008 05:02:11
Published 30 Mar 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1537

Summary

Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/init.php, (8) includes/settings.php.orig, (9) includes/js/admin.php, (10) includes/js/edit_entry.php, (11) includes/js/edit_layer.php, (12) includes/js/export_import.php, (13) includes/js/popups.php, (14) includes/js/pref.php, or (15) includes/menu/index.php, which reveal the path in various error messages.

Vulnerable Systems

Application

  • Webcalendar 1.1.0


References

BUGTRAQ - 20060329 Full path disclosure in Webcalendar 1.1.0-CVS

XF - webcalendar-multiple-path-disclosure(25539)

OSVDB - 24536

OSVDB - 24535

OSVDB - 24534

OSVDB - 24533

OSVDB - 24532

OSVDB - 24531

OSVDB - 24530

OSVDB - 24529

OSVDB - 24528

OSVDB - 24527

OSVDB - 24526

OSVDB - 24525

OSVDB - 24524

OSVDB - 24523

OSVDB - 24522

SREASON - 651


Last Updated: 27 May 2016 10:42:06